The present invention relates to a technique for preventing the confidential information handled in an organization or the like from leaking outside.
The electronic data handled in an organization or the like contain a great deal of confidential information. In such electronic data, the word “confidential” is intentionally written in the documents to inform viewers that the particular data are confidential. The confidential data are thus prevented from leaking outside by making viewers conscious of the importance of not leaking the data outside. Sometimes, however, the confidential data may be inadvertently or intentionally transmitted outside by mail. To cope with this problem, the server searches the mail contents using a keyword to check whether a preset keyword (“confidential”, for example) is contained in the mail. In the case where the keyword is not contained in the mail, the mail is transmitted as it is, while in the case where the keyword is contained in the mail, the transmission is suspended.
Some confidential information can be accessed only by executives of an organization. In order to prevent the confidential information from being accessed by unauthorized personnel, the information flow can be controlled by adding a mandatory access control function, which makes the particular confidential information inaccessible to anyone other than the executives.
For detailed information on mandatory access control, refer to the reference (TCSEC) “Department of Defense Trusted Computer System Evaluation Criteria” DOD 5200.28-STD.
On the other hand, U.S. Pat. No. 5,940,591 discloses a technique for realizing a multi-level security in the network environment.
Also, JP-A-8-204701 discloses a method of preventing the confidential information from leaking to third parties by transmitting the information in encrypted form.
The system for preventing information leakage based on the keyword search is effective for specified data formats, but not for other data formats or for image files containing no text information.
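The keyword check described above and its blind spot for image data can be seen in a short sketch. This is an added example, not code from the patent or the cited references; it uses Python's standard `email` package, and the function names, addresses and sample mails are hypothetical and constructed for illustration.

```python
from email.message import EmailMessage

KEYWORDS = ("confidential",)  # preset keyword list (the page's example keyword)

def searchable_text(msg):
    """Collect the text the gateway can actually search: subject plus text/* parts."""
    chunks = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            chunks.append(part.get_content())
    return "\n".join(chunks).lower()

def unsearched_parts(msg):
    """Content types of non-text leaf parts that the keyword search never sees."""
    return [p.get_content_type() for p in msg.walk()
            if not p.is_multipart() and p.get_content_maintype() != "text"]

def gateway_decision(msg):
    """Return (action, hits, skipped): 'suspend' if a keyword is found, else 'transmit'."""
    text = searchable_text(msg)
    hits = [k for k in KEYWORDS if k in text]
    return ("suspend" if hits else "transmit", hits, unsearched_parts(msg))

def build_mail(body, attachment=None):
    """Constructed sample mail; addresses are placeholders."""
    msg = EmailMessage()
    msg["From"] = "employee@example.com"
    msg["To"] = "partner@example.net"
    msg["Subject"] = "Quarterly figures"
    msg.set_content(body)
    if attachment is not None:
        msg.add_attachment(attachment, maintype="image", subtype="png",
                           filename="scan.png")
    return msg

# Constructed inputs: a marked text mail, and a mail whose only sensitive
# content is a scanned page (placeholder bytes standing in for image data).
MARKED = build_mail("This document is CONFIDENTIAL. Do not forward.")
IMAGE_ONLY = build_mail("See attached.",
                        attachment=b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)

if __name__ == "__main__":
    for name, mail in (("marked", MARKED), ("image_only", IMAGE_ONLY)):
        print(name, gateway_decision(mail))
```

The third element of the result lists the parts the search skipped, which is the signal a gateway operator would log to see how much outbound content the keyword check never inspected.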
In a computer equipped with the mandatory access control function, the information flow can be controlled sufficiently as long as the data stay within the particular computer. Once the data are transferred to another computer, however, the security level of the data, which is dependent on the transferee computer, cannot be easily guaranteed. Also, a computer having the mandatory access control function is often utilized for special applications and cannot be used for general-purpose applications. The use of such a computer, therefore, hardly extends to unclassified companies and organizations.
U.S. Pat. No. 5,940,591 described above poses such problems as: (1) the access control is provided for each user but not for each file, and (2) the requirement to make an inquiry to a security manager at each transmission results in a heavy load.
In the case where data are transmitted in encrypted form, on the other hand, the data are encrypted at an employee's terminal, and therefore the employee is required to be informed which data are confidential. As a result, the confidential data may be inadvertently transmitted without being encrypted.